Azure Linux 3.0 Security Update: pytorch (CVE-2024-27318)

The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27318 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to path traversal in onnx [CVE-2024-27318]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to path traversal in onnx, caused by improper validation of user requests CVE-2024-27318. Onyx is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1

CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1. A patched version of the package is available...

CBL Mariner 2.0 Security Update: pytorch (CVE-2024-27318)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27318 advisory. - Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the...

CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6

CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6. A patched version of the package is available...

Fedora 39 : onnx (2024-270e3b5e9b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-270e3b5e9b advisory. Security fix for CVE-2024-27318 and CVE-2024-27319 Tenable has extracted the preceding description block directly from the Fedora security advisory...

SUSE CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +154 more potentially affected by CVE-2024-27318 via onnx (>=0.2.0 <=1.15.0)

onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27318 Source advisory: OSV:GHSA-WHH8-FJGC-QP73...

CVE-2024-27318

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +154 more potentially affected by CVE-2024-27318 via onnx (>=0.2.0 <=1.15.0)

onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.0.0, =1.0.45, =1.44.0, =1.55.0 and more Source cves: CVE-2024-27318 Source advisory: OSV:PYSEC-2024-222...

CVE-2024-27318

CVE-2024-27318 affects the ONNX package: versions up to and including 1.15.0 are vulnerable to a Directory Traversal in the external_data field of the tensor proto, which can reference files outside the model directory or user-provided directory. The issue is described as a bypass of the patch fo...